Ive been using XG and UTM for a while now and have used RED a few times, but ive got a dedicated server now in the cloud and i installed XG on it for my edge firewall. I setup a red tunnel from my xg to that xg but i had a windows 2019 vm running on the server and somehow i had an intrusion on an app. Ive no idea how it got in as i have web filtering on and ips and atp, but still it got in.
It was a remote desktop manager app and the logs showed user attempts on the sessions which wasnt what i use, i assumed id be secure enough using the red tunnel for the access to the app and i dont have incoming rules for that vms ip.
Is red secure? the intrusion either happened via the red vpn or the wan connection but as i say the WAN rules have every feature enabled and double malware scanners and batch processing in the web filter, ips is general policy and atp is on for log and drop. However the red rules for my access are less strict, VPN to LAN i use without web filtering but i still use ips general policy on both ends rules.
I only have static routes my side and i use the vms ips on /32 addresses for each route i need to use, the server side has no routes as i didnt think it would need them as its just one way traffic really and its initiated from my side.
My XG does use web filtering on the LAN to VPN rule with http & https scanning, quic block, sandstorm and ftp scanning aswell as IPS general policy and atp is also on.
So as you can see i assumed i covered all the bases to keep my sessions secure but i assumed wrongly.
Is there a decent guide for RED tunnels XG to XG which includes firewall rules, routes and interface setup?
Thanks
JK
This thread was automatically locked due to age.
